Insights Into Japan’s Cybersecurity and Other Global Views

Conversational spearphishing? Global cyber-investigations? What is this world coming to?

After reading an in-depth report entitled “Cyber Security in Japan,” produced by the Center for International Public Policy Studies (CIPPS), Private WiFi corresponded with Senior Fellow Ryusuke Masuoka, PhD, also one of the study’s authors. The CIPPS report raised many interesting takeaways on the U.S. versus Japan, specifically when it comes to hacking and cybercrime.

Some say Japan is in the midst of a much-needed cybercrime fix (yet still lagging behind Hong Kong on issues like cybersecurity), even partnering with Singapore on that country’s new INTERPOL Digital Crime Center. It will open next year to facilitate cyber-research and innovation, provide cybersecurity training, and offer operational support for law enforcement agencies. In a bid to strengthen the global fight against cybercrime, Japan has chosen to enter a three-year partnership to provide technical and human resources worth Euro 7.6 million to establish a Digital Forensic Lab and Cyber-Fusion Center within that new digital crime center.

According to Masuoka, who works with Toky0-based CIPSS, here are some of the current differences between privacy policies and cybercrime in the United States and Japan:

The Japanese Constitution prohibits war other than for self-defense. Therefore, Japan cannot engage in preemptive cyber attacks, something the Obama administration is said to be considering. “Unless we change our constitution, which would be very difficult,” says Masuoka.

Workforce mobility is very low in Japan. “We have not seen cybersecurity people moving among private sector, public sector, and academia. It is also very unlikely, at this moment, that Japanese government agencies would hire hackers like FBI and other U.S. government agencies do,” says Masuoka.

Turf war. Who is in charge of cybersecurity among government agencies is similar to United States. Cybersecurity is now a huge issue in Japan and with that recognition, the budget comes with it. Under the current shrinking budget situation, cybersecurity is one of the items being assigned more budget

Conversational spearphishing. Recently, the National Police Agency (NPA) reported that they have observed a new and advanced spearphishing — known as conversational spearphishing. “In those attacks, the attacker starts an email conversation with the victim WITHOUT any attachment. The attacker sends an email with a malicious attachment only after he or she knows that the victim trusts him or her. I am always amazed at how smart hackers are!” Masuoka also notes that the NPA has been trying hard for a while to improve their bottom line cyber-investigation capability.

Very weak international cooperation base. But as in the slides in the CIPPS report, although cybercrime earned more attention last year in Japan, “there is little information on Japanese cybersecurity activities in English,” adds Masuoka.